Search Images Maps Play YouTube News Gmail Drive More »
Sign in
Screen reader users: click this link for accessible mode. Accessible mode has the same essential features but works better with your reader.

Patents

  1. Advanced Patent Search
Publication numberUS5917421 A
Publication typeGrant
Application numberUS 08/614,791
Publication dateJun 29, 1999
Filing dateMar 6, 1996
Priority dateNov 23, 1995
Fee statusPaid
Also published asDE69634326D1, DE69634326T2, EP0775992A2, EP0775992A3, EP0775992B1, US6202924
Publication number08614791, 614791, US 5917421 A, US 5917421A, US-A-5917421, US5917421 A, US5917421A
InventorsKeith A. Saunders
Original AssigneeNcr Corporation
Export CitationBiBTeX, EndNote, RefMan
External Links: USPTO, USPTO Assignment, Espacenet
Method of authenticating an application program and a system therefor
US 5917421 A
Abstract
An unattended system, such as a self-service terminal or an automated teller machine, includes a memory unit which stores a number of application programs, and a register unit which stores a number of signatures associated with the application programs. The system further includes a processing unit which obtains a signature associated with a particular application program, compares the signature with the signatures stored in the register unit, and authenticates the application program only when the signature matches at least one of the signatures stored in the register unit.
Images(4)
Previous page
Next page
Claims(2)
What is claimed is:
1. An automated teller machine (ATM) for enabling a customer of a financial institution to carry out a financial transaction involving dispensing of currency at the ATM, the ATM comprising:
a card reader having a card slot through which a user identifying card of the customer can be received and for reading data from the user identifying card to verify the identity of the customer;
a key pad for allowing the customer to enter data to request the financial transaction involving dispensing of currency to be carried out after the card reader has verified the identity of the customer;
an actuatable currency dispenser having a currency dispense slot and for, when actuated in response to the customer requesting the financial transaction involving dispensing of currency to be carried out, delivering currency through the currency dispense slot to the customer;
a first memory unit located at the ATM and for storing an executable currency dispense application program having a signature associated therewith and which, when executed, actuates the currency dispenser to deliver currency through the currency dispense slot to the customer;
a second memory unit located at the ATM and for storing a plurality of signatures which are associated one-to-one with a corresponding plurality of application programs which are executable at the ATM; and
a processing unit for (i) obtaining the signature of the currency dispense application program stored in the first memory unit in response to the customer requesting the financial transaction involving dispensing of currency to be carried out, (ii) comparing the signature of the currency dispense application program stored in the first memory unit with the signatures stored in the second memory unit, (iii) authenticating the currency dispense application program only if the signature of the currency dispense application program stored in the first memory unit matches one of the signatures stored in the second memory unit, and (iv) executing the currency dispense application program stored in the first memory unit to actuate the currency dispenser to dispense currency through the currency dispense slot after the currency dispense application program has been authenticated.
2. A method of processing a financial transaction involving dispensing of currency at an automated teller machine (ATM), the method comprising the steps of:
(a) receiving a user identifying card from a customer desiring to carry out the financial transaction involving dispensing of currency at the ATM;
(b) reading data from the user identifying card received in step (a) to verify the identity of the customer;
(c) receiving a request from the customer to carry out the financial transaction involving dispensing of currency after the identity of the customer has been verified in step (b);
(d) obtaining a signature of an executable currency dispense application program stored in a first memory unit located at the ATM in response to the customer requesting the financial transaction involving dispensing of currency to be carried out in step (c);
(e) comparing the signature obtained in step (d) with a plurality of signatures which are associated one-to-one with a corresponding plurality of application programs which are executable at the ATM and stored in a second memory unit located at the ATM;
(f) authenticating the currency dispense application program stored in the first memory unit only if the signature of the currency dispense application program matches one of the signatures stored in the second memory unit based upon the comparison in step (e); and
(g) executing the currency dispense application program stored in the first memory unit to actuate a currency dispenser to dispense currency to the customer after the currency dispense application program has been authenticated in step (f).
Description
BACKGROUND OF THE INVENTION

The present invention relates to authenticating application programs, and is particularly directed to a method of authenticating an application program for use in an unattended system such as at a self-service terminal (SST) or an automated teller machine (ATM).

A typical authentication scheme to authenticate a user in an unattended system having a number of installed application programs relies upon the user having some secret knowledge (such as a personal identification number) to allow the user to gain access to valuable system resources of the unattended system. While this authentication scheme may provide adequate security in an attended system, such an authentication scheme may not provide the level of security desired in an unattended system, such as at a SST or ATM. The level of security desired may not be provided by the known authentication scheme because it is still possible to introduce an altered and/or fraudulent application program into the SST or ATM without subsequent users knowing the application program has been altered and/or is fraudulent.

SUMMARY OF THE INVENTION

In accordance with one aspect of the present invention, a method of authenticating an executable application program installed in an unattended system in response to a transactional request from a user of the unattended system requiring execution of the application program comprises the steps of accepting the transactional request from the user of the unattended system, obtaining a signature associated with the application program, comparing the signature with a number of signatures stored in a look-up table to determine if the signature matches one of the signatures stored in the look-up table, and authenticating the application program only when a match occurs.

In accordance with another aspect of the present invention, an unattended system comprises a memory unit for storing an executable application program and a processing unit for executing the application program stored in the memory unit. A user interface provided for accepting a transactional request from a user of the unattended system that the application program stored in the memory unit be executed by the processing unit. A register unit is provided for storing a number of signatures associated with a number of executable application programs. The processing unit includes (i) means for obtaining a signature associated with the application program, (ii) means for comparing the signature associated with the application program with the signatures stored in the register unit, and (iii) means for authenticating the application program only when the signature associated with application program matches at least one of the signatures stored in the register unit.

Preferably, the user interface comprises a front panel of an automated teller machine (ATM). The front panel of the ATM includes (i) a card reader having a card slot through which a user identifying card of an ATM customer can be received and (ii) a key pad for inputting data after the user identifying card has been inserted into the card slot, read by the card reader, and verified by the processing unit. The memory unit and the register unit comprise separate storage media.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing and other features of the present invention will become apparent to one skilled in the art to which the present invention relates upon consideration of the following description of the invention with reference to the accompanying drawings, wherein:

FIG. 1 is a schematic view illustrating an automated teller machine (ATM) embodying the present invention;

FIG. 2 is a block diagram representation of the ATM of FIG. 1; and

FIGS. 3-5 are flowcharts depicting processes carried out at the ATM of FIG. 1.

DETAILS OF THE INVENTION

The present invention is directed to a method of authenticating an application program to enable the application program to gain access to valuable system resources in response to a user request which requires execution of the application program. While the method of authenticating an application program in accordance with the present invention may be applied in different environments, the method is particularly useful for authenticating an application program which is installed in an unattended system, such as at a self-service terminal (SST) or an automated teller machine (ATM). By way of example, an ATM 10 embodying the present invention is illustrated in FIG. 1.

The ATM 10 comprises a user interface in the form of a front panel 12. The front panel 12 includes a card reader 14, a key pad 16, a cash dispenser 18, a CRT display screen 20, and a receipt printer 22. The card reader 14 has a card slot through which a customer 24 can insert a user identifying card 26 at the commencement of a transaction to be conducted by the customer 24. The cash dispenser 18 has a cash slot through which cash currency notes stored inside the ATM 10 can be delivered to the customer 24 during the transaction. The receipt printer 22 has a receipt slot through which a receipt of the transaction is delivered to the customer 24 at termination of the transaction.

When the customer 24 inserts the user identifying card 26 into the card slot of the card reader 14, the card reader reads data contained on the card. The customer 24 is then prompted on the CRT display screen 20 to enter a personal identification number (PIN) via the key pad 16. After the correct PIN is entered, menus are displayed on the display screen 20 to enable the customer 24 to carry out the desired transaction. After the transaction is completed, the receipt printer 22 prints a receipt of the transaction and delivers the receipt through the slot of the receipt printer 22 to the customer 24.

Referring to FIGS. 1 and 2, the ATM 10 further comprises a controller unit 30 which communicates with components of the front panel 12. The controller unit 30 includes a processor unit 32, a memory unit 34 connected via bus line 36 to the processor 32, and a register unit 38 which is connected via bus line 40 to the processor 32. The register unit 38 is a permanent storage media such as a hard disk or non-volatile RAM, for example. Although the memory unit 34 and the register unit 38 are shown as separate units in FIG. 2, it is contemplated that these units may be represented as a single storage unit. The processor 32 receives input signals on lines 42, 44 from the card reader 14 and the key pad 16, respectively, and provides output signals on lines 46, 48, 50 to the cash dispenser 18, the display screen 20, and the receipt printer 22, respectively, to control the amount of cash dispensed by the cash dispensed by the cash dispenser 18, the information displayed on the display screen 20, and the information printed by the receipt printer 22.

A number of application programs are stored in the memory unit 34. The specific application programs stored in the memory unit 34 depend upon the features and capabilities of the particular ATM 10. At least some of the application programs, when executed, control operation of valuable system resources like the cash dispenser 18, for example. It should be apparent that the application programs installed in an unattended system, such as at the ATM 10, need to be safeguarded, especially the application programs which control operation of valuable system resources. The application programs installed at the ATM 10 are safeguarded in a manner in accordance with the present invention, as explained in detail hereinbelow.

Referring to FIG. 3, a flowchart depicts a system function which is executed to install an application program into the memory unit 34. The system function depicted in the flowchart of FIG. 3 is usually executed when a person, such as a start-up engineer, first installs application programs into the memory unit 34 of the controller unit 30 of the ATM 10. In first step 100 of FIG. 3, a determination is made as to whether the unattended system (i.e., the ATM 10) is locked. If the determination in step 100 is affirmative, the system function proceeds to step 102 to determine if the installation program has been previously authenticated. The installation program copies application programs from distribution media (such as floppy disks) onto permanent local storage media (such as hard disks). If the determination in step 102 is negative, the system function proceeds to step 104 to indicate an error. When this occurs, the installation program cannot install any application program and the system function proceeds to the end. If the determination in step 102 is affirmative, the system function proceeds to step 106. Also, if the determination in step 100 is negative, the system function proceeds directly to step 106.

In step 106, a determination is made as to whether the application program to be installed has a signature associated therewith. If the determination in step 106 is negative, then the system function proceeds to step 108 to generate a signature before proceeding to step 110. If the determination in step 106 is affirmative, the system function proceeds directly to step 110. In step 110, the application program to be installed is stored in the memory unit 34 and the name and signature of the application program are stored in the register unit 38. After step 110, installation of the application program is completed.

Referring to FIG. 4, a flowchart depicts a system function which is called each time an application program, which has just been installed as described hereinabove with reference to FIG. 3, is started. The application program is usually executed when a person from the financial institution which owns the ATM 10, such as an administrator, updates or performs maintenance on the ATM 10. In first step 200 of FIG. 4, the name and signature of the application program are obtained. A determination is then made in step 202 as to whether the application program is contained in a look-up table of the register unit 38. If the determination in step 202 is negative, the system function proceeds to step 218 to indicate an error and then terminates. If the determination in step 202 is affirmative, the system function proceeds to step 204 to generate a signature for the application program.

After the signature is generated in step 204, the system function proceeds to step 206 to determine whether the signature matches one of the signatures stored in the look-up table of the register unit 38. If the determination in step 206 is negative, the system function proceeds to step 218 to indicate an error and then terminates. If the determination in step 206 is affirmative, the program proceeds to step 208 to obtain a list of multiple dynamic link libraries containing files which may be accessed by the application program. This list in the form of a look-up table is obtained from the register unit 38. The system function then proceeds to step 210 to generate a signature for one of the dynamic linking libraries. In step 212, a determination is then made as to whether the signature of the dynamic linking library of step 210 matches one of the signatures contained in a look-up table of the register unit 38. If the determination in step 212 is negative, the system function proceeds to step 218 to indicate an error and then terminates. If the determination in step 212 is affirmative, the system function proceeds to step 214.

In step 214, a determination is made as to whether there is another dynamic linking library associated with the particular application program. If the determination in step 214 is affirmative, the system function returns to step 210 and repeats steps 210 and 212 until all dynamic linking libraries associated with the particular application program have been considered. The determination in step 214 is negative when all dynamic linking libraries associated with the particular application program have been considered. The system function then proceeds to step 216 to add the name and signature of the particular application program to the look-up table of the register unit 38. When this occurs, the particular application program is said to be registered or validated at the ATM 10.

Referring to FIG. 5, a flowchart depicts a system function which is executed to authenticate an application program before the application program can control a valuable system resource, such as the cash dispenser 18, and thereby to control access of cash stored in cash dispenser 18 by the customer 24. The system function depicted in the flowchart of FIG. 5 is usually executed when the customer 24 carries out a transaction which occurs within execution of the particular application program at the ATM 10. In first step 300 of FIG. 5, a determination is made as to whether the ATM 10 is locked. If the determination in step 300 is negative, the system function proceeds to step 308 to allow the application program to have access to protected valuable system resources and thereby to allow the customer 24 to have access to valuable system resources, such as the cash dispenser 18. If the determination in step 300 is affirmative, the system function proceeds to step 302 to obtain the name and signature of the application program which requires access to the cash dispenser 18, for example. The system function then proceeds to step 304.

In step 304, a determination is made as to whether the name and signature of the application program are stored in a look-up table of the register unit 38. This look-up table contains a list of all application programs which have been registered or validated in accordance with the process described hereinabove with reference to the flowchart of FIG. 4. If the determination is negative, the system function proceeds to step 306 to indicate an error and then terminates. When this occurs, the application program and the customer 24 cannot gain access to the valuable system resource (i.e., the cash dispenser 18 in this example) controlled by the particular application program. Accordingly, the customer 24 cannot access any cash stored in the cash dispenser 18. However, if the determination in step 304 is affirmative, the system function proceeds to step 308. When this occurs, the application program is authenticated and the application program is able to control the cash dispenser 18 to thereby allow the customer 24 to access cash stored in the cash dispenser 18.

A number of advantages result by authenticating an application program installed in an unattended system, as described hereinabove. One advantage is that a mechanism is provided to prevent fraudulent transactions from occurring at the unattended system, especially fraudulent transactions involving access to valuable system resources like the cash dispenser 18 of the ATM 10 described above. A user of the ATM 10 is unable to gain access to the cash dispenser 18 until the application program which controls operation of the cash dispenser 18 has been authenticated. Another advantage is that an application program cannot be authenticated if the application program has been altered subsequent to its initial installation into the unattended system. An altered application program cannot be authenticated because the name and signature of an altered application program will not be found in the look-up table of the register unit 38 containing the list of registered or validated application programs, as described hereinabove.

From the above description of the invention, those skilled in the art to which the present invention relates will perceive improvements, changes and modifications. Numerous substitutions and modifications can be undertaken without departing from the true spirit and scope of the invention. Such improvements, changes and modifications within the skill of the art to which the present invention relates are intended to be covered by the appended claims.

Patent Citations
Cited PatentFiling datePublication dateApplicantTitle
US4471216 *Oct 27, 1980Sep 11, 1984Compagnie Internationale Pour L'informatique Cii-Honeywell Bull (Societe AnonymeSystem and process for identification of persons requesting access to particular facilities
US4544833 *Apr 20, 1983Oct 1, 1985Cii Honeywell Bull (Societe Anonyme)Process and apparatus for authenticating or certifying at least one item of information contained in a memory of a removable and portable electronic carrier, such as a card
US4575621 *Mar 7, 1984Mar 11, 1986Corpra Research, Inc.Portable electronic transaction device and system therefor
US4590365 *Jul 31, 1984May 20, 1986Oki Electric Industry Co., Ltd.Automatic transaction system
US4623782 *Mar 11, 1983Nov 18, 1986Modi PartnershipComputer system wherein control segment of information loads the task in the computer and data segment of the information executes the task loaded in the computer
US4709137 *Apr 11, 1985Nov 24, 1987Omron Tateisi Electronics Co.IC card and financial transaction processing system using IC card
US5341290 *Sep 15, 1992Aug 23, 1994James LuModular system for printing and processing financial documents
US5619558 *Nov 13, 1995Apr 8, 1997Ncr CorporationATM segment of one marketing method
US5648648 *Feb 5, 1996Jul 15, 1997Finger Power, Inc.Personal identification system for use with fingerprint data in secured transactions
Referenced by
Citing PatentFiling datePublication dateApplicantTitle
US6042007 *Oct 16, 1998Mar 28, 2000Ncr CorporationSelf-service computer assembly with integrated receipt printer
US6202924 *Mar 26, 1999Mar 20, 2001Ncr CorporationMethod of authenticating an application program and a system therefor
US6735696 *Aug 14, 1998May 11, 2004Intel CorporationDigital content protection using a secure booting method and apparatus
US6986057 *Aug 22, 2000Jan 10, 2006Dallas Semiconductor CorporationSecurity device and method
US7493286 *Dec 10, 1998Feb 17, 2009International Business Machines CorporationFilter module for a transaction processing system
US7523856 *Sep 26, 2005Apr 28, 2009Diebold Self-Service SystemsCash dispensing automated banking machine with flexible display
US7711951 *Jan 8, 2004May 4, 2010International Business Machines CorporationMethod and system for establishing a trust framework based on smart key devices
US7849326Jan 8, 2004Dec 7, 2010International Business Machines CorporationMethod and system for protecting master secrets using smart key devices
US8052047 *Apr 9, 2010Nov 8, 2011Diebold Self-Service Systems Division Of Diebold, IncorporatedAutomated banking machine that operates responsive to data bearing records
US8052048 *Jun 8, 2010Nov 8, 2011Diebold Self-Service Systems Division Of Diebold, IncorporatedAutomated banking machine that operates responsive to data bearing records
US8100323May 31, 2006Jan 24, 2012Diebold Self-Service Systems Division Of Diebold, IncorporatedApparatus and method for verifying components of an ATM
US8474038 *Sep 30, 2009Jun 25, 2013Emc CorporationSoftware inventory derivation
US8499346 *Dec 18, 2009Jul 30, 2013Ncr CorporationSecure authentication at a self-service terminal
US8655844Sep 30, 2009Feb 18, 2014Emc CorporationFile version tracking via signature indices
US8701193Sep 30, 2009Apr 15, 2014Emc CorporationMalware detection via signature indices
US20110154481 *Dec 18, 2009Jun 23, 2011Kilgore Andrew D JSecure authentication at a self-service terminal
US20130062406 *Nov 6, 2012Mar 14, 2013Robin Haley GustinAutomated document cashing system
Classifications
U.S. Classification340/5.41, 340/5.8, 235/375, 705/64, 235/382.5, 235/379, 713/187, 340/5.74, 235/380, 380/30
International ClassificationG07D9/00, G06Q40/00, G06F21/22, G06Q10/00, G07F19/00
Cooperative ClassificationG07F19/207, G06Q20/382, G07F19/20, G07F19/201
European ClassificationG07F19/20, G07F19/201, G07F19/207, G06Q20/382
Legal Events
DateCodeEventDescription
Jan 15, 2014ASAssignment
Owner name: JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT
Free format text: SECURITY AGREEMENT;ASSIGNORS:NCR CORPORATION;NCR INTERNATIONAL, INC.;REEL/FRAME:032034/0010
Effective date: 20140106
Sep 29, 2010FPAYFee payment
Year of fee payment: 12
Sep 8, 2006FPAYFee payment
Year of fee payment: 8
Aug 23, 2002FPAYFee payment
Year of fee payment: 4
Mar 6, 1996ASAssignment
Owner name: NCR CORPORATION, OHIO
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SAUNDERS, KEITH A.;REEL/FRAME:007929/0005
Effective date: 19960213